January 21, 2022

Volume XII, Number 21


January 20, 2022

Subscribe to Latest Legal News and Analysis

January 19, 2022

Subscribe to Latest Legal News and Analysis

January 18, 2022

Subscribe to Latest Legal News and Analysis

Employee Monitoring: New York Establishes New Requirements for Employers

Earlier this month, New York Governor Kathy Hochul signed into a law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their activities in the workplace.  Civil Rights (CVR) Chapter 6, Article 5, Section 52-C*2 will take effect six months after enactment, i.e. May 7th, 2022.

Pursuant to the new New York law, electronic monitoring in the workplace includes monitoring of employees’ telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage of or by an employee by any electronic device or system, including but not limited to the use of a computer, telephone, wire, radio, or electromagnetic, photoelectronic or photo-optical systems. Prior written notice of the electronic monitoring must be issued at the time of hiring and must be acknowledged by the employee in writing or electronically.  In addition, the notice must be posted in a conspicuous place readily available for viewing by employees.

It is important to note that under the new law, a private right of action for employees that are impacted by the law is not available. The New York attorney general has exclusive enforcement authority. Failure to comply with the law’s notice requirements may subject the employer to a civil penalty of $500 for the first offense, $1000 for the second offense, and $3000 for the third and each subsequent offense.

Employer monitoring requirements of this kind are not exclusive to New York. In Connecticut, for example, both private and public sector employers are required to notify employees prior to electronic monitoring, with similar penalties for failure to comply.  Likewise, in Delaware, an employer is not permitted to monitor or intercept an employee’s telephone conversations, email or internet usage without prior notice in writing or alternatively notification, day of, each time the employee accesses the employer-provided email or Internet access services.

Excessive, clumsy, or improper employee monitoring can cause significant morale problems and, worse, create potential legal liability for privacy-related violations of statutory and common law protections, as evidenced by the New York law and others of its kind. Advancements in technology have made it easier to monitor remote employees, and by extension easier to violate the law for employers that are not careful.

When organizations decide to engage in any level of surveillance or search of employees, they should consider what their employees’ expectations are concerning privacy. Whether in a jurisdiction that requires prior notice of employee monitoring or not, in general, it is best practice to communicate to employees a well-drafted acceptable use and electronic communication policy that informs them what to expect when using the organization’s systems, whether in the workplace or when working remotely. This includes addressing employees’ expectations of privacy, as well as making clear the information systems and activities that are subject to the policy.

COVID-19 changed the way many organizations operate, and monitoring and surveillance have become increasingly important, particularly for employers that do not share the same physical workspace with their employees.  When employers implement new monitoring and surveillance tools, they need to plan carefully, have the right team in place, review policies and applicable state and federal law, and be prepared to address problems when they arise.

Jackson Lewis P.C. © 2022National Law Review, Volume XI, Number 323

About this Author


Joseph J. Lazzarotti is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm's Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and...

973- 538-6890
Jason C. Gavejian, Employment Attorney, Jackson Lewis, Principal, Restrictive Covenants Lawyer

Jason C. Gavejian is a Principal in the Morristown, New Jersey, office of Jackson Lewis P.C. and a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

Mr. Gavejian represents management exclusively in all aspects of employment litigation, including restrictive covenants, class-actions, harassment, retaliation, discrimination and wage and hour claims in both federal and state courts. Additionally, Mr. Gavejian regularly appears before administrative agencies,...

(973) 538-6890
Damon Silver, Employment Lawyer, Corporate Matters, Jackson Lewis

Damon W. Silver is an Associate in the New York City, New York, office of Jackson Lewis P.C.

In his Privacy, e-Communication and Data Security practice, Mr. Silver advises clients in various industries on compliance with federal and international privacy laws, including HIPPA, the ADA, GINA, FMLA, the TCPA, FCRA, and the EU-U.S. Privacy Shield. He also provides guidance to organizations on data breach prevention and response. 

In the area of employment litigation, Mr. Silver defends...

Mary Costigan, Jackson Lewis Law Firm, Privacy Attorney, Cybersecurity, New Jersey

Mary T. Costigan is an Associate in the Morristown, New Jersey, office of Jackson Lewis P.C. She holds a Certified Information Privacy Professional/US designation from the International Association of Privacy Professionals (iapp). Ms. Costigan advises multinational, national, and regional companies on emerging privacy and cybersecurity issues, including the broad and growing array of mandates, best practices, and preventive safeguards. In particular, she focuses on advising and assisting clients in matters relating to compliance with the General Data Protection Regulation (GDPR) and U.S....


Maya Atrakchi is the Knowledge Management (“KM”) Attorney for Jackson Lewis P.C.’s Privacy, e-Communication and Data Security and International Employment Issues Practice Groups, and is based in the New York City, New York, office of Jackson Lewis P.C.